Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks

Jalal Bhayo, Syed Attique Shah*, Sufian Hameed, Awais Ahmed, Jamal Nasir, Dirk Draheim

*Corresponding author for this work

    Research output: Contribution to journalArticlepeer-review

    48 Citations (SciVal)


    The Internet of Things (IoT) is a complex and diverse network consisting of resource-constrained sensors/devices/things that are vulnerable to various security threats, particularly Distributed Denial of Services (DDoS) attacks. Recently, the integration of Software Defined Networking (SDN) with IoT has emerged as a promising approach for improving security and access control mechanisms. However, DDoS attacks continue to pose a significant threat to IoT networks, as they can be executed through botnet or zombie attacks. Machine learning-based security frameworks offer a viable solution to scrutinize the behavior of IoT devices and compile a profile that enables the decision-making process to maintain the integrity of the IoT environment. In this paper, we present a machine learning-based approach to detect DDoS attacks in an SDN-WISE IoT controller. We have integrated a machine learning-based detection module into the controller and set up a testbed environment to simulate DDoS attack traffic generation. The traffic is captured by a logging mechanism added to the SDN-WISE controller, which writes network logs into a log file that is pre-processed and converted into a dataset. The machine learning DDoS detection module, integrated into the SDN-WISE controller, uses Naive Bayes (NB), Decision Tree (DT), and Support Vector Machine (SVM) algorithms to classify SDN-IoT network packets. We evaluate the performance of the proposed framework using different traffic simulation scenarios and compare the results generated by the machine learning DDoS detection module. The proposed framework achieved an accuracy rate of 97.4%, 96.1%, and 98.1% for NB, SVM, and DT, respectively. The attack detection module takes up to 30% usage of memory and CPU, and it saves about 70% memory while keeping the CPU free up to 70% to process the SD-IoT network traffic with an average throughput of 48 packets per second, achieving an accuracy of 97.2%. Our experimental results demonstrate the superiority of the proposed framework in detecting DDoS attacks in an SDN-WISE IoT environment. The proposed approach can be used to enhance the security of IoT networks and mitigate the risk of DDoS attacks.
    Original languageEnglish
    Article number106432
    JournalEngineering Applications of Artificial Intelligence
    Publication statusPublished (VoR) - Aug 2023


    • DDoS attacks
    • Internet of things (IoT)
    • Intrusion detection system (IDS)
    • Machine learning
    • SDN-WISE
    • Software defined networks (SDN)


    Dive into the research topics of 'Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks'. Together they form a unique fingerprint.

    Cite this